Why security automation is critical for effective cyber threat defence
It’s never been more important to invest in enterprise security systems. As organisations embrace permanent hybrid work, security professionals are working hard to secure an ever-widening attack surface against increasingly sophisticated threat actors.
Cyber security has become a boardroom priority. Gartner predicts that by 2025, 60 per cent of organisations will use cyber security risk as a primary determinant in conducting third-party transactions and business engagements.
Delivering sophisticated and robust security systems is business critical, as organisations with weak security practices will struggle to compete in 2023 and beyond. Success requires a combination of great people, rigorous governance, and smart investments in new technologies.
Automation is set to become a massive part of this picture. Threats are more numerous and complex than ever and skills are in short supply. Security professionals can’t be everywhere at once, so a robust security automation strategy is critical.
Telstra commissioned research into the state of Security Operations (SecOps) in North Asia, assessing security automation maturity across a range of complex technology environments. Despite security leaders acknowledging that automation could help reduce 50 per cent of all serious breaches, maturity across the region is still worryingly low.
The rising tide of threat sophistication
North Asia-based organisations are facing significant cybersecurity challenges. Our research finds 75 per cent of senior business leaders experienced a significant increase in security incidents targeting key resources in the last 12 months, with 32 per cent seeing an increase in serious incidents.
These situations created a range of significant business impacts for over a third of firms surveyed. Forty per cent say they experienced lost revenue due to a breach, 38 per cent experienced reputational damage and 34 per cent reported operational downtime.
Organisations across the region are deploying a variety of siloed tools to address this rise in incidents and breaches, generating a high volume of false positive alerts. On average, business leaders say 42 per cent of current security alerts are false positives, likely stemming from too many unintegrated or poorly tuned tools and a shortage of security staff.
This is a gap that must be urgently addressed, with nearly a third of breaches resulting from unactioned alarms.
Addressing challenges with automation
AI and automation have massive potential to transform the way cybersecurity professionals carry out day-to-day and critical tasks.
In cybersecurity, AI enables automation in systems and software that emulates human actions, especially manual and repetitive tasks. AI and ML harness data science, decision rules and algorithms to make specific recommendations and perform security functions to help improve the prevention, detection and management of cyber incidents.
Organisations throughout North Asia are using AI in powerful new ways, including automating back-of-house processes and using automated tools to enhance the speed and accuracy of decision-making.
However, there is still a lot of work to be done. We found most firms in the region are early in their security automation journey, with around a quarter (24 per cent) reporting advanced levels of maturity.
Organisations also experienced challenges ‘tuning’ these tools, with a ‘buy, set and forget’ mentality becoming a business reality. This is happening under the weight of more alerts (from more tools, sensors, and feeds), as well as skills shortages and the pace of change the pandemic cemented across technology and culture.
Bridging the automation maturity gap
Well-architected and implemented security automation helps dramatically reduce the likelihood and impact of a severe breach. It helps organisations respond faster and reduces alert fatigue through the unification of threat intelligence (capabilities and feeds), incident response and security operations functions.
Businesses across North Asia should scale security automation investment in a way that suits their business priorities. As part of our research, Telstra developed four fundamental principles for improving maturity, including:
Position security as a champion of digital resilience: Highlight and promote to the entire organisation the material business impacts that adequate cybersecurity investment can help mitigate.
Define a strategy across multiple tiers of security automation readiness: Implement a change strategy across tools, processes and people that clearly demonstrates measurable uplift.
Unlock value from security tools: Reassess the value of existing security tools and investigate how automation can be used to unify them.
Leverage the right partner in cyber: Address the cyber skills gap with a Managed Security Services Partner that offers high-quality support, always-on reliability and industry-leading expertise.
Organisations can use these four principles as a guide to build a security automation strategy that’s tightly aligned with business and security processes. This helps them do more with the resources they have, cut through the ‘noise’ of false positive alerts, and build a more resilient and innovative digitally enabled business.